Stronghold Server

Important Note:

Effective 1 January 2011, we will no longer support any Certificate Signing Request [CSR] generated with a 1024 bit key. This is because NIST, PKIX, WebTrust and other respective security standards no longer consider the 1024 bit key size as secure. Read more >


NOTE: Keys and certificates are managed through three scripts: genkey, getca and genreq. These are part of the normal Stronghold distribution. Keys and certificates are stored in the directory$SSLTOP/private/, where SSLTOP is typically /usr/local/ssl.

To generate a key pair and CSR for your server:

Back up your key file and CSR on a floppy disk and store the disk in a secure location. If you lose your private key or forget the password, you will not be able to install your certificate.